search

solidusio / solidus_auth_devise

🔑 Devise authentication for your Solidus store.
http://solidus.io
BSD 3-Clause "New" or "Revised" License
52 stars 124 forks source link

Reset api key when assigning password #99

Closed jhawthorn closed 6 years ago

jhawthorn commented 7 years ago

Instead of resetting it when saving a new password. This avoids adding an ActiveRecord callback which in turn needs to use the _changed? api (which has changing in Rails 5.1).

This avoids a warning on Rails 5.1

jhawthorn commented 7 years ago

Hmm, not sure if we want this. Before the api key only changes if the password really changed, now it always changes the api even when setting the same password again.

Even when using password_changed? it will happen even when setting the same password (and setting the same password has to be done intentionally).

> user.encrypted_password_changed? #=> false
> user.password = "test123"
> user.encrypted_password_changed? #=> true
> user.save!
> user.encrypted_password_changed? #=> false
> user.password = "test123"
> user.encrypted_password_changed? #=> true

However, encrypted_password_changed? doesn't become true if the new password was blank? (like with ""). So we should check that before updating.

jhawthorn commented 7 years ago

Updated and added spec for assigning empty password